Migration and Managed Services Supplement

1. Parties

As per the Order Form

2. Terms

The Order Form is executed in accordance with the terms of all Exhibit(s) attached, BEMO terms, supplements, agreements, and policies found at https://www.bemopro.com/legal as well as with any other terms attached to this Supplement, if any, between Customer and Contractor, all collectively referred as “Agreements” and is entered into by the parties and effective as of the Order Form Signature date that falls on or before the Offer expiration date “Offer Expires On Date” found in the Order Form.  

BEMO will perform the services listed in the Order Form and only the terms for the services included in the Order Form will apply.

3.  Description of Services and Scope Summary

As per the Order Form.

3.1 Services

• No onsite service is provided. All work will be completed remotely only.
• Basic Help Desk is included for all customers that purchase Microsoft licenses with BEMO.
• A surcharge will apply as per section 11.3 (Payment Authorization) for quantities more than what was quoted the Order Form.
• Any customizations or requests for research outside the scope of our packaged offering or detailed in the Order Form will be scoped during the project and change orders provided for Customer review and approval.

3.2 Target tenant, Tenant Requirements, Scope for the total number of users, total number of devices, Total number of Compliance Applications

• The customer is accountable to ensure the minimum number of Microsoft seats matches the number of BEMO Migrations, Managed Services (Managed Help Desk, Managed Security, or Compliance Packaged) seats.
• Customers’ tenant must be located within the United States and must establish a Cloud Service Provider relationship with BEMO.
• Your services will be delivered according to the Customer Intake Form attached to the Order Form.

3.3 Waivers

• Customer understands that Security and Compliance projects build upon each other. Selecting to not deploy certain features, controls, policies or projects, will impact the ability to implement downstream projects and invokes the need for a liability waiver.
• BEMO requires customers to participate in the deployment of security configurations per the scheduled plan. If Customer project delays occur or when work is stopped by the customer, a liability waiver will be presented that holds the Customer responsible for any security vulnerabilities or breaches, until the Customer allows BEMO to deploy all the security configurations as per the Order Form.

3.4 Final go-live services

As per the Order Form

3.5 Compliance Audit Services

Audit Services are scoped by auditor request and the annual pricing as per the quote attached to your Order Form.

Framework	Self-Assess	Internal Audit Required	External Audit Required	BEMO Required
SOC-2 Type 1	Yes	No	No	Yes - External
SOC-2 Type 2		No	Yes
HIPAA	Yes	No	No	Yes - External
ISO 27001		Yes	Yes
NIST 800-171	Yes	No	No	Yes – External
CMMC 2.0 L1	Yes	No	No	Yes - Internal Yes - External
CMMC 2.0 L2		Yes	Yes

4.0 Resources

Customer Resource Requirements

• Executive Sponsor to make decisions when needed.
• C-level or managing Director 
• Day to Day Point of Contact for managing project deliverables
• For Customer deployments between 100 and 249 users a Customer Project Manager (PM) at least 25% of the time is the best practice we see to keep teams and multiple work streams aligned.
• For Customer deployments of greater than or equal to 250 users a Customer Project Manager is required to keep teams and multiple work streams aligned. It is common to have up to 7 projects running simultaneously where projects are more efficiently managed with a Customer PM role. This role is a resource different from, the day to day technical Point of Contact. 
• For compliance projects:
  • A dedicated resource as a point of contact that participates weekly in project efforts and is accountable for delivering project compliance outcomes. No less than 10 hours a week is expected, and at certain times, may require more than 50% dedicated engagement. 
  • Commitment from C-Level executives as required by the project (e.g., background checks, reviews, and approvals).

If the customer point of contact or executive sponsor is reassigned or becomes unavailable for any reason, a new customer resource is to be put in place within 7 business days.

The C-Level, Security lead or Managing Director will be made aware of any security liability waivers the Customer Project Point of Contact or day-to-day project team leader requests.

5.0 Migration Details and Scope

Your email migration service includes a one-time migration of the following objects from your current email provider specified to Exchange Online when migrating from Exchange Server, Exchange Online, or Google Workspace (G Suite):

• Emails
• Contacts
• Calendar items

On any other platform, only emails are migrated.

Plus, BEMO provides:

• Best practice guidance provided to minimize downtime and impact on end-users
• Post-migration support includes how-to steps, online readiness resources, and global admin orientation.
• Instructions on how to connect to Exchange Online from Outlook
• DNS mapping to your domain

Scope and data will be validated when the project kicks off. If larger amounts of data are found, additional time and cost will be added to the project.

Downtime for end users will be kept to a maximum of 6 hours, unless otherwise noted due to scope and size of the data.

5.1 Email migration service

As per the Customer Intake Form attached to the Order Form

5.2 OneDrive for Business migration service

As per the Customer Intake Form attached to your Order Form

5.3 SharePoint site file migration service

As per the Customer Intake Form attached to the Order Form

5.4 Teams Channel file migration service

As per the Customer Intake Form attached to the Order Form

5.5 Teams private chat

As per the Customer Intake Form attached to the Order Form

5.6 Security Configurations

BEMO enables default security controls on the customer tenant: Multi-Factor Authentication (MFA) and Self-Service Password reset (SSPR). If the customer chooses not to deploy MFA, the customer is required to sign a security waiver.

5.7 Access to Email

Post-go-live customer email access is available on Outlook Web (OWA) web service. Access to the Outlook desktop client requires the customer to follow post migration instructions.

5.8 What is required by the customer?

• Customer shall deliver all required information and deliverables per the delivery schedule. See Exhibit D
• Customer must have administrative access to their DNS for the email and SharePoint domains to be migrated.
• Customer must provide BEMO administrative access to the DNS records for all the impacted internet domains.
• Customer must purchase required licenses for the period required for BEMO to execute the work prior to any applicable project, including any licenses required for testing project implementations.
• NOTE: To keep your project on schedule, BEMO may fulfil your order on your behalf based on the quote attached to the Order Form.
• Customer is responsible for terminating redundant licenses purchased with any other partner or purchased directly from Microsoft.
• US Customers: Establish a Cloud Service Provider relationship with BEMO.
• Non-US Customers: Designate BEMO as your Digital Partner of Records (DPOR).
• Customer must either:
  • Provide administrative access to the Exchange Server console.
  • Enable Microsoft Exchange Source-Side Impersonation (SSI).
  • Provide username and password for each of the mailboxes to be migrated.
• Customer reports any possible issues within 72 hours following the final release/go-live.
• Customer forces all its users to reset their password after completing the migration.
• Customer must disable Multi-Factor Authentication (MFA) during the migration process, if any.
• Customer source email should ideally support EWS protocol; if not, then IMAP or POP3.
• Customer must manage expectations and communicate Post Migration Instructions to all end-users, ensuring they follow all instructions provided by BEMO to facilitate the migration.
• Customer is required to have a change champion to drive adoption
• Customer is responsible for performing a backup of its data prior to migration by saving *.pst files or through other means.
• Customer is accountable for backing up device data prior to Intune enrollments.
• Customer will be required to provide contact information for each user targeted for this project. BEMO assumes no liability if the customer provides a phone number that is not SMS enabled, a wrong phone number, or an invalid email address. Doing so may impair the user’s access to email and other services.

The effort and time needed to complete migration depends on the number of factors listed below. The customer must deliver timely, accurate information to meet expected project delivery dates.

• the accuracy of the information provided by the customer (username, credentials, etc.).
• BEMO’s access to your DNS records.
• DNS service provider availability and response may impact schedules.
• the number of mailboxes and sites to be migrated.
• The size of each mailbox found to be greater than 100 GB requires additional approval from Microsoft to proceed; therefore, by default, it is out of scope without this approval. Any mailbox between 50GB – 100GB requires a P2 license.
• Tenant data exceeding 2TB, additional charges apply. Custom Delivery estimations will be scoped and quoted. The team will assess the data upon project kick off to validate assumptions and discuss if any changes are required. A change order will be provided if Customer exceeds the size limitations quoted.
• the connection speeds available between the current hosting and Exchange Online.
• the throttle set by Microsoft, which may limit the speed of data transfer.

5.9 Migration Surcharge

The following pricing schedule will apply for efforts in excess of what has been quoted in the Order Form.

User or shared mailboxes, and each Team (per 100GB increment) in teams will be billed as the per unit price in quote attached to the Order Form.

Other charges are detailed below:

5.10 Migrations/SharePoint, M365 Office Applications, Teams: What is out of scope, NOT included as part of the Order Form

What is out of scope, NOT included :

Unless quoted in writing, the following items are not included as part of the Order Form and will be billed as per Section 10.4

• Training users on using Exchange Online, Outlook, SharePoint, Teams, or any Office applications.
• Customers have an option to purchase BEMO’s training offer and understand that this offer enables them to train their employees on Microsoft tools when moving from Google Workspace or any other platform to M365. Customers are accountable for full training, change management and adoption of the Microsoft tools within their organization. BEMO is not responsible for Customer's internal adoption. A Customer's failure to drive appropriate change management and adoption is not a cause for termination.
• Configuring your service with a 3^rd party email client application.
• Migration of mailboxes or files size in excess of what is currently supported by Microsoft tools or Exchange Online. (Microsoft platform limitation: email migrations must be less than 100G per mailbox/user)
• Migration of any functionality that is not supported by Microsoft applications or the Microsoft platform when moving from Google Suites or any non-Microsoft application or platform. (e.g. Google Sheets macro functionality). When moving from one platform to another, it is the Customer’s responsibility to understand the limitations of the functionality between platforms and take appropriate measures prior to project kick off.
• Customization of Exchange Online.
• BEMO cannot assert the accuracy of migration, but we will use the best methods and tools on the market to perform its work.
• Configuring or creating client-side rules, server-side mailbox rules, Security Groups, public folder email addresses, custom display names in Office 365, customer exchange advanced properties, resource room settings, archives stored locally or additional PST, mailbox permissions (delegation, send-as), automapping, custom or 3^rd party attributes and Active Directory. Unless agreed otherwise in writing.
• Migration of categories, category colors, folder permission, non-mail items in POP/IMAP, contact group, mail-flow rules (e.g., forwards or SMTP relays), online Archives, offline Archives, and custom Exchange fields or MAPI properties.
• Upgrades, installation, or troubleshooting Office applications, Skype for Business, Teams, CRM applications, firewall, VPN, Directory Sync, ADFS, and SSO.
• Microsoft Teams migrations: data that falls outside Microsoft limitations and applications not supported by the migration tools used.
• Microsoft 365 Security Groups.
• SharePoint design/customization, SharePoint third-party applications or any changes outside of one-to-one mapping of files from source to destination are out of scope.
• For non-M365 customers such as Google or Box or other non-Microsoft platforms, the following option can be purchased:
  • If the customer desires a SharePoint hub, this can be scoped for an additional charge. BEMO will offer simple landing pages for this additional charge to assist departments in finding, navigating or working with documents. If this is desired, an extra charge applies.
    • Small Organization Iterations: 10 site deployment uses BEMO Template basic banner, source files with the top-level permissions applied at the site level. Twenty-three hours, one to three weeks to deploy
    • Medium Organization Iterations: 10 site deployment uses BEMO Template basic banner, source files with top-level permissions applied at the site level. Accounts for more customer meetings due to size of organization. Twenty-nine hours, five to six weeks to deploy due to department size/customer validations.
  • If the SharePoint deployment scope is larger than what is scoped above, such as additional scope for multi-level permissions, or other mapping requests, additional charges will apply. Scoping will occur during the project.
  • Permission Mapping where customers desire their SharePoint sites to be mapped to M365 Security Groups is an extra charge. This is an estimated minimum of forty-hour effort at $250 per hour/$10,000. The scope will be validated during the project and a change order submitted for any additional efforts.
  • If the customer would like a full company designed SharePoint portal, BEMO suggests engaging a third-party SharePoint MSSP to assist once the BEMO project is completed.
• Post-migration issues reported more than 72 hours after the final release/go-live has been completed.
• Guest accounts.

6.0 Work Scope: What is included for Cybersecurity, Compliance, and Managed Services: Managed Help Desk, Managed Security

Refer to Order Form Exhibit A for the service description, Exhibit B for Managed Services and Exhibit C for pricing.

All out-of-scope work or quantities more than what was quoted in the Order Form.

6.1 Cybersecurity

6.1.1 Cybersecurity Customer Responsibilities

• Customer must purchase the required licenses for the period required for BEMO to execute the work prior to security and compliance projects.
• Customer is responsible for backing up devices prior to security device enrollments.
• Customer must ensure all device operating systems are up to date on current Microsoft OS or Mac OS prior to Corporate Device Project Kick off.
• By delaying or waiving any project, specifically Cybersecurity projects (i.e. Corporate Device, et.al), this will delay and impact the ability to deliver downstream projects.
• Customer is responsible for ensuring their users are available and prioritize device enrollments per the agreed upon BEMO enrollment schedule.
• Customer is responsible for wiping Windows devices for device enrollments. If this process is unacceptable a per device charge will be quoted as part of this agreement or as a change order if a device or set of devices are requested not to be wiped during the project.
• Customer agrees with the terms contained in the Apple Business Manager Agreement.
• Customer agrees that if a device is not already enrolled in Apple Business Manager, it will be necessary to wipe the device in order to manage your device. This requirement arises from our deployment strategy, which includes integrating Apple Business Manager with Intune. The reasons for this requirement are as follows:
  • Device Registration Retention: Apple Business Manager retains the device registration information.
  • Intune Agent Security: Apple Business Manager ensures that the end user cannot remove the Intune agent at any time.
  • Application Management Integration: Application management is connected to Apple Business Manager.
• Please note that enrolling a device into Apple Business Manager for the first time requires a secondary iPhone to complete the process.
• Customer agrees that is a device is already enrolled in Apple Business Manager, it will not be required to wipe the device.
• Customer is aware that issues or configurations within their environment may cause a Mac device to not boot.  If this situation occurs, the customer agrees to either replace the device or take the device to a Mac store for cure.
• Customer is responsible for making device enrollment decisions and delivering required device and user information within the first 2 weeks of the Corporate Device project.
• The corporate device project enrollment window for wiped devices is three months. If Customer delays or there is lack of Customer readiness or delays in device enrollment participation, it is the customer’s responsibility to enroll the devices and BEMO will place the project on hold until the devices are enrolled.
• Before the Corporate Device project kicks off Customer is responsible for identifying devices that are eligible for wiping and providing a list for unwiped device change order service charges if desired.
• Any application locally installed and configured on the device would need to be reinstalled and reconfigured. The customer is responsible for reinstalling local applications that cannot be pushed through Intune or downloaded from the Intune portal.
• The Customer’s IT team is expected to partner on device deployments. Be present on session days with BEMO pod leader. If a Customer situation arises where their team cannot or does not want to participate in device enrollments, a surcharge will be calculated, and a change order will be processed. The fee will be determined by the level of enrollment effort remaining in the corporate device project.
• A no-show fee will apply when scheduled customer appointments for device enrollments are not attended or rescheduled within 3 business days of the appointment time. This is a $250 fee per no show.
• BEMO is not responsible for device failures during the wipe process for all device types.
• Customer is accountable for leading internal communication, change management and ensuring the organization is ready for the required processes that are expected when creating a security culture.

6.1.2 What is in scope for Cybersecurity

• As per the Order Form
• Cybersecurity as a Service is a minimum of 10 seats. BEMO Managed Security does not apply to BEMO Cybersecurity Bronze. The solution includes deployment, configuration and maintenance.

6.1.3 What is out of scope for Cybersecurity

Anything not explicitly described in the Order Form.

6.2 Compliance

6.2.1 Compliance Customer Requirements:

• Customer must provide BEMO administrative access to a sanctioned GRC Platform, either Drata or Vanta and other security systems (ticketing system, Identity Security, End-Point Security, phishing software, SIEM or other) required for integrations and to obtain compliance management capabilities from Compliance Software Vendor (GRC Platform: Drata/Vanta).
• The compliance software chosen by the Customer (GRC Platform: Drata/Vanta) must support the system integrations required with the Customer’s existing software applications and platforms. It is the Customer’s responsibility to ensure there are no limitations with their existing systems and the compliance software they have chosen (GRC Platform: Drata/Vanta).
• Customer must purchase required licenses for the period required for BEMO to execute the work prior to any applicable project.
• Customer must manage expectations and communicate to all to all policy and control process owners their accountability in the compliance process.
• Customer is accountable for leading internal communication, change management and ensuring the organization is ready for the required processes that are expected when creating a compliance culture.
• Customer acknowledges that there is Personal Identifiable Information (PII) and Intellectual Property (IP) that they will be accountable for uploading to the compliance system (Drata or Vanta). This information can include but is not limited to (background checks, Customer IP evidence, or the like). Any information that cannot be uploaded from direct connect to systems, is the accountability of the Customer.

6.2.2 Managed Compliance Services Scope

Project implementation compliance scope includes setting up Compliance Software chosen (GRC Platform: Drata/Vanta), integrations required, providing the Customer with framework policy templates, assisting with evidence collection where systems and access allow (see out of scope section for details), facilitating the tabletop exercise if required for the audit purchased and managing the internal and external auditing process with the lead customer contacts.

Managed compliance services scope includes ongoing monitoring systems to keep all controls updated as required and providing a monthly review if the certification requires this level of executive reviews for compliancy. Else, quarterly compliance reviews will be hosted by your Customer Success Manager to review compliance standings. On an ongoing basis, the BEMO compliance team may reach out to the Customer point of contact if framework updates require new processes, data collection, or evidence that BEMO cannot retrieve via existing systems.

6.2.3 What is Out of Scope for Compliance

Unless quoted in writing, the following items are not included as part of the Order Form:

• Any system information that is found to not have the capability to integrate with the GRC Platform: Drata/Vanta. This is the accountability of the customer to manage.
• Any custom integrations that the Compliance software does not support
• Custom reporting and automations outside what the compliance software (GRC Platform: Drata/Vanta) offers or the BEMO compliance reporting currently offers.

7 Deliverables and Schedule

Contractor’s completion of all the Work on or before the Order Form Project/Program End Date is dependent on Customer’s ability to deliver all required information and deliverables per the Delivery Schedule Addendum.

If customers place projects on hold, access to project resources is rescinded. The customer will work with their BEMO Customer Success Manager directly and BEMO Support until they are ready to reconvene the project work.

The effort and time needed to complete the compliance process depend on the readiness of the Customer’s current systems and processes and the amount of customer effort and resource availability to close the compliance gaps to achieve certification.

Estimated timelines

• Managed Compliance Implementation Services is an estimated range of 10 - 14 months. After certification, the framework compliancy is an ongoing managed service.
• See Customer delivery requirements in Exhibit D

Request the Delivery Schedule Addendum for Customer deliverables and estimated timelines from your account executive.

8 Success Factors

The time needed to deploy your solution(s) successfully will depend on numerous factors, including but not limited to:

Migration & Cybersecurity

• your response time and active weekly participation, and adherence to the delivery schedule
• the range of solutions purchased
• the number of users to onboard
• the number of hardware devices to configure
• access to your network and resources
• the amount of data to transfer
• the connection speed available between the different services
• the features and availability of the services provided by 3^rd party service providers
• the throttle set by Microsoft or other vendors, which may limit the speed of data transfer
• adequate network

Compliance

• Customer response time to business process and compliance needs and active weekly participation, and adherence to the delivery schedule
• integration complexities
• the number of vendors to validate, request/receive and upload their compliance certifications
• the number of and/or whether employee background checks are completed or need to be initiated
• commitment to and existing maturity in business risk management to ensure timely categorization, rank and evidence of mitigation collection
• commitment to maturing Customer existing business, compliance and security management practices
• the gap in processes required to meet certification requirements
• the number of Pentest fixes to close the compliance gap
• dependencies on Customer IT or Security teams where BEMO is not managing both security and compliance
• Customer Business and Product Development evidence readiness

9 BEMO Breach Response Support

If Customer subscribes to one of our cybersecurity offers, in case of a breach caused by a successful cybersecurity attack, our BEMO Cybersecurity Response team will analyze and respond to your cybersecurity incident. BEMO Managed Security covers up to Level three (3) breach remediation as part of your subscription service.  After any Level one (1), two (2) or three (3 ) level breach, BEMO will provide you with a full report on the cause, the steps taken to respond to the incident, and recommendation to avoid similar incident(s) in the future.

For Level four (4) breaches there are additional charges. A level four (4) breach is when local or federal law enforcement or agency involvement or an investigation that involves foreign entities or impacts requiring deeper investigations for insurance requirements. Since a Level 4 breach doesn’t occur often, BEMO chooses not to include this cost in the monthly subscription; but rather provide a rate table that will be used if one occurs. Each Level four (4) breach response will be billed according to the following schedule.

If you subscribe to any of the following offer:	You will be charged the following amount for each breach response request:
BEMO Cybersecurity Bronze BEMO Cybersecurity Silver BEMO Cybersecurity Gold BEMO Cybersecurity Diamond BEMO Cybersecurity Platinum	$2,900 per day for Level 4 breach
If you do not subscribe to any BEMO Cybersecurity packages	A minimum of 15 hours, billed ($7,500) hourly rate applies at $500 per hour for any level breach

 

10 Payment

For generic terms pertaining to fees and payment for Purchased Services, refer to Section 6 of the BEMO Terms of Service document.

10.1 Non-recurring (one-time) fees (check all that apply)

As per the Order Form

10.2 Recurring fees

Recurring fees to be paid to BEMO includes:

• everything listed in the Order Form;
• all incremental purchase made with BEMO; and
• all fees pertaining to True-up as per section 3.5 of our terms of service.

10.3 Payment authorization and surcharges

For projects of less than Ten Thousand U.S. Dollars ($10,000.00 USD), Customer authorizes Contractor to bill the customer using the payment method on file for the amounts and terms specified above.

If the Customer does not procure all the needed licenses to perform the services (Microsoft or other application licensing required for example migration) for the sake of time, BEMO will add the needed licenses on behalf of the Customer, and Customer will be billed accordingly for a not to exceed extra $500.00 per month.

For quantity more than what has been quoted in Section 4 and Section 6, and on the attached quote, and for the sake of time, Customer will be billed as per Section 10.4 for a not to exceed extra $5,000.00 as a one-time fee.

For project surcharges due to:

• No show enrollment occurrence(s) charged at $250 USD per missed enrollment meeting.
• Devices that are not wiped per device fee: $350 USD
• Auditor delay fees per attached auditor terms: 20% of the auditor line item quoted

10.4 Out-of-scope work

The work is performed at a fixed price based on the agreed scope.

Out-of-scope IT Services conducted during regular business hours	$250 per hour
After-hour and weekend IT Services	$300 per hour
Out-of-scope Compliance work conducted during regular business hours	$300 per hour
After-hour Compliance work	$350 per hour
Out-of-scope or after-hours Security Services	$450 per hour

 

11 Term and Termination

Early termination: In case of early termination, BEMO has the right to invoice all worked hours up to the date of termination request in excess of the non-refundable committed effort. No refund for material or product licenses will be provided. Our Terms of Service.

12 Amendments, Additional Scope or Special terms and conditions (if any)

As per the Order Form

EXHIBIT A – Service description matrix (zoom in)

EXHIBIT B – Support and Managed Services

BEMO support and managed service scope is dependent on which service Customer has purchased.

	Microsoft License Only	BEMO Managed Services
		BEMO Managed Security	BEMO Managed Helpdesk	BEMO Managed Compliance
Availability Options (Eastern Time)	Mon-Fri 8 AM-8 PM	Mon-Fri 8 AM-8 PM Mon-Fri 24/5 Mon-Sun 24/7	Mon-Fri 8 AM-8 PM Mon-Fri 24/5 Mon-Sun 24/7	Mon-Fri 8 AM-8 PM
Scope Definition	Microsoft License Functionality Break Fix Support (Basic Troubleshooting)   Escalation to Tier 2 and Tier 3 (Microsoft) support.	Microsoft License Scope BEMO’s security policy and configuration deployment Maintenance of new and old Microsoft features as relevant to security policies and configurations deployed Breach Response Support Proactive management of BEMO’s security policy and configuration deployment Monitoring, alerting, and remediation as per security level deployed Proactive vulnerability management (Platinum Security required) Quarterly security review	Microsoft License Scope Escalation to Tier 2 and Tier 3 (Microsoft) support Onboarding and Offboarding Tier 1 Line of Business App Support Anydesk Remote Access Quarter review	Microsoft License Compliance Scope GRC Platform Management and Support Proactive management of BEMO’s compliance setup in GRC platform Monitoring and alerting as per the compliance framework Follow up with policy owners and security personnel for remediation action guidance QBR Proactive compliance framework updates and communication
Dedicated Team	BEMO does not provide a dedicated CSM or service team	Dedicated Security Engineers + Dedicated CSM	Faster Response Support Team + Dedicated CSM	Dedicated Compliance Engineers + Dedicated CSM

 

To get support with BEMO, we recommend using our Helpdesk Portal, which is available on our website: https://www.bemopro.com/support. Customers can submit tickets via the portal, call BEMO’s helpdesk, or submit an email. Customer points of contact can manage the organization’s tickets via the helpdesk portal.

Escalation Paths

1. Assigned Support Engineer (via ticket or call)
2. Escalation to Manager of Engineering Services (for Support, Delivery, or Managed Services)
3. Escalation to Senior Director of Customer Success

Third-Party Line of Business Application Support

As mentioned in the Managed Helpdesk scope, BEMO will provide the following limited support for third-party, line-of-business applications as follows:  

• BEMO’s support is limited to supporting the end-user and their interactions with the third-party application providers. In addition, because BEMO does not develop or provide these applications, BEMO cannot guarantee 100% successful resolution.  

• BEMO will make every reasonable effort to assist the end-user in reaching a resolution with the application provided on a best-efforts basis.  

• BEMO is not responsible for supporting the functionality of the application.  

• The Customer is responsible for ensuring they have access to support for the line of business applications agreed upon at the time of contract or onboarding that are not part of the Microsoft 365 suite of applications used via licenses purchased from BEMO.  

• New applications not listed on this SOW will require review and acceptance by BEMO to be added as a supported, third-party line of business application.  

EXHIBIT C – Price Quote

See the addendum attached to the Order Form

EXHIBIT D – Customer Intake Form

See the addendum attached to the Order Form

EXHIBIT E – Delivery Schedule

Contractor shall complete and deliver all Work to Customer on or before the Order Form Effective End Date. The Order Form Program/Project end date is predicated on the customer meeting their deliverables, decision points, and leading the change management and deployment cadence within the allotted timeframe of the project schedule. If new scope and technical issues arise, both Contractor and Customer will discuss reasons for the delay, change order costs associated with the additional work effort and agree on a new project schedule timeline if the timeline is impacted.

Delivery timelines are allocated based on the assumption the customer is moving to the Microsoft Platform with no redundant third-party applications/solutions outside of what the Microsoft platform offers or the existing third-party applications that are part of BEMO’s offering. If there is a desire for a custom solution that includes additional non-Microsoft third-party applications, there will be an additional cost for custom solutions, configurations and often these custom solutions come with security and process impacts. The delivery team will assess the effort during the project and determine any schedule or budget impacts.

Customer shall deliver all required information and deliverables required by the delivery schedule.

General Customer Delivery Expectations

• Customer must manage expectations by communicating with all end-users, ensuring they follow all instructions within the timeline provided by BEMO and are proactively facilitating all project deployments.
• For compliance projects Customer must deploy security projects per Platinum package to proceed with compliance project tasks and certifications (i.e. corporate device security is implemented to reach SOC-2 compliance)
• For security projects, Customer understands choosing not to deploy controls/policies will have an impact on downstream projects, security coverage, compliance and require the Customer to sign a liability waiver. In many instances downstream projects may not be able to be deployed if prior projects are not fully implemented.
• Each project type has windows of delivery time expected based on size and complexity. The Order Form Program/Project End Date is set according to a typical sizing window. BEMO project teams expect customers to participate and meet all requested deliverables within the schedule. If technical issues arise, and Microsoft support or third-party support is required, these typical timeframes will be adjusted during the project based on the escalation vendor’s response time and a new Program/Project End date if required will be mutually agreed.

The required Customer Deliverables by Project type will be provided at project kickoff. If you would like to review these items, ask your account executive to provide the Delivery Schedule Addendum overview document.